Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Trouble installing netscreen 5gt

Status
Not open for further replies.
jcanon

jcanon

IS-IT--Management
Jun 7, 2001
33
0
0
CO
I'm totally new to netscreen firewalls, so I will post all details I can, cause I don't know what could be useful...

I'm trying to install a netscreen 5gt, starting from reseting the machine and using the initial configuratión wizard. I use NAT mode, trusted to untrusted mode, ip of trusted zone 10.0.0.40/255.0.0.0 not using DHCP, ip of untrusted zone is dinamic ip via dhcp.

I can conect and web manage device from trusted zone.

I can ping to internet (ping from the firewall via console (using CLI), so Internet is active (untrusted interface show a working ip / dns).

I can't ping or have web access to internet from the internal trusted zone.

I can see (ping) the trusted interface on firewall from internal zone.

I can't see (ping) the untrusted interface on firewall from internal zone.

I read all getting started and users guide, but as I can see I should have internet access after finishing initial wizard...

Basically I can connect to trusted interface from internal network and can connect to internet from untrusted interface, but I can't pass data from trusted to untrusted interface, so I suppose I have a gateway or route problem, but I don't know what to do....

any ideas?

thanks in advance...

Juan Carlos
 
Sort by date Sort by votes
Hello,

It sounds like you have either a routing issue or Policy. I'm guessing it's policy related since you can ping yahoo.com from the Trust Zone.

Try connecting to the NS via the WebUI. Go to, Polcies. Verofy that you have Source = Any, Dest = Any, Service = Any, Action = Permit from the Trust to Intrust zone. By default, there should be NO Untrust to Trust polices created.

If you have the Trust to Untrust Policy, go into the Policy and check that NAT is on. Click Edit, Advanced, Check the "Source Translation" DIP ON (None, Use Egress INT) option. This will resolve any NAT problems when trying to use Interface based NAT.

If you still have a problem, go in via the CLI and type: "get zone" and "get int". Paste the output on this site and I will have a look. Hope this helps.

Rgds,

John
 
Upvote 0 Downvote
thanks for the ideas...

It's appears to be a machine problem, now the firewall shows error at start (flash programming it's gone), so I will have to download the system image and try again...

I'll tell if it works...
 
Upvote 0 Downvote
what's the easier to block the website? do I need the block port, URL or ip?

Thx
Richard
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ITSurvivor
  • Locked
  • Question
Newbie On Netscreen 25
Replies
0
Views
29
ITSurvivor
ITSurvivor
IBMX350
  • Locked
  • Question
Netscreen 50 Mapped IPs
Replies
0
Views
23
IBMX350
IBMX350
joelrob
  • Locked
  • Question
Netscreen 25 VPN Notices missing
Replies
0
Views
21
joelrob
joelrob
Newtt
  • Locked
  • Question
Installing 3rd party software via McAfee EPO server
Replies
0
Views
28
Newtt
Newtt
ljohnsonSNS
  • Locked
  • Question
Changing ISP's and need to reconfigure Netscreen 5xp
Replies
0
Views
11
ljohnsonSNS
ljohnsonSNS

Part and Inventory Search

Sponsor

Back
Top